Do I need to share a provider admin API key to use CostHawk?

No. CostHawk can start with local-first MCP telemetry from Claude Code, Codex CLI, and OpenCode. Admin API sync and wrapped model keys are optional paths.

Does CostHawk store prompts, responses, or source code?

No. CostHawk stores usage metadata such as token counts, model names, timestamps, cost, and hashed project identifiers. Prompt content, response text, and source code are not stored from MCP telemetry.

How are provider credentials handled?

Admin API keys are encrypted at rest with AES-256-GCM. Wrapped keys are resolved server-side for proxy-based tracking and policy controls.

Security

Built for teams that are skeptical for the right reasons

Start secure AI API cost monitoring in minutes without sharing a single provider admin key. CostHawk uses local-first MCP telemetry for LLM cost tracking, then lets your team opt into admin sync or wrapped model keys only when you want deeper controls.

Get Started Free Read the Docs

Public Proof

54B

total tracked tokens across the public coding telemetry stream.

Live Operators

opted-in operators currently contributing visible usage data.

Recent Syncs

fresh sync events recorded in the last ten minutes.

Local-first telemetry by default

Claude Code, Codex CLI, and OpenCode usage is parsed on your machine before metadata is sent to CostHawk.

No prompt or code storage

CostHawk stores usage metadata only: tokens, models, timestamps, cost, and hashed project identifiers.

Keys only when you opt in

Admin API sync and wrapped proxy keys are optional paths for teams that want deeper attribution or centralized control.

Trust Boundary

What CostHawk touches and what it does not

Stored

Token counts, model names, timestamps, and cost metadata
Hashed or scoped project attribution for reporting and alerts
Encrypted admin credentials when you enable admin sync

Not Stored

Prompt content or completion text from MCP telemetry
Source code or file contents from your local project folders
Plaintext copies of provider keys at rest

Operational model

The safest path is also the default: install the MCP, review the dry run, and start tracking local coding usage without handing CostHawk a provider admin key. Teams that want request-level attribution can add wrapped keys later.

Encrypted credentials

Admin API keys are encrypted at rest with AES-256-GCM. Wrapped keys use encrypted resolution server-side.

Preview before upload

Dry-run syncs show what would be sent before you commit to a live upload.

Opt-in automation

Auto-sync is off until you enable it. You can turn Codex sync on or off independently.

Need the long-form policy?

The product trust story lives here. The legal language lives in the privacy policy and terms.

Secure LLM Cost Tracking

Start tracking in minutes without sharing a provider admin key

Install the MCP, review the dry run, and start monitoring Claude Code and Codex usage before you decide whether you need wrapped keys or admin sync.

Get Started Free Install in 60 Seconds